Mobile Hacking on the West Coast

December sees SensePost presenting Hacking by Numbers: Mobile at BlackHat West Coast Trainings. This course was first presented at BlackHat Vegas 2013 and 44Con 2013, growing in popularity and content with each iteration. For more information continue reading below or visit https://blackhat.com/wc-13/training/Hacking-by-Numbers-Mobile.html.

The mobile environment has seen immense growth and has subsequently seen organisations racing to be the first to market with the next best app. The rapid increase in mobile popularity and the speed at which developers are forced to produce new applications has resulted in an ecosystem full of security vulnerabilities. As more organisations move from web applications to mobile applications, penetration testers are required to adapt their testing methodology to keep pace with the changing platforms. Mobile application developers have been lulled into a false sense of security by the belief that “the platform will take care of the security”. The Hacking by Numbers: Mobile course aims to help both penetration testers and mobile application developers find and understand common security vulnerabilities on a wide range of mobile platforms. The course teaches a mobile application security testing methodology that can easily be applied to mobile applications on Android, iOS, Blackberry and Windows Mobile.

Rather than focus on a specific mobile platform or a set of testing tools, the Hacking by Numbers Mobile course covers the following:

  • Android, iOS, RIM and Windows 8 Platform security
  • Communication protocols
  • Programming languages for mobile development
  • Building your own mobile penetration testing lab
  • Mobile application analysis
  • Static Analysis
  • Authentication and authorization
  • Data validation
  • Session management
  • Transport layer security and information disclosure

The structure of the course makes it ideal for testers and developers new to the mobile application security space, starting with the basic concepts of mobile security testing and going all the way through to decompilation, analysis and modification of mobile applications. As with all Hacking by Numbers courses, the mobile edition focuses on hands-on experience, with numerous lab exercises designed to provide students with practical experience to match the theory. Previous iterations of the course have seen real-world applications being downloaded from the app store and common security vulnerabilities being identified.

Lab exercises include:

  • Finding and retrieving sensitive files.
  • Interception and Analysis of network traffic.
  • Runtime analysis of Application memory state.
  • Decompilation and static analysis of applications.
  • Runtime modification of application functions.
    And many more…

Training will be held from 11-12 December and more information can be found at https://blackhat.com/wc-13/training/Hacking-by-Numbers-Mobile.html.

Looking forward to seeing you all in Seattle!